Tag
3 posts

June 8, 2026
Stateless JWTs can't be revoked on demand — once issued, they live until they expire. This deep dive covers why short lifetimes (5–15 min) are the strongest control you have, how the access/refresh token split actually works, refresh token rotation with reuse detection, and the sender-constrained token guidance from RFC 9700 (Jan 2025).

May 28, 2026
The next MCP spec drops session IDs, removes the initialize handshake, and turns Extensions, Tasks, and MCP Apps into first-class citizens. It's the largest revision since launch — and it contains breaking changes. Here's every change, why it exists, and what you have to migrate before July 28, 2026.

January 1, 2024
Keycloak is an open-source identity broker: your app delegates login to a central server, gets back tokens, and never has to store passwords itself. This article walks through the login redirect flow, why that pattern is more secure, and where to go next—including Laravel integration.